CrowdStrike unveils tools to fight threats to cloud-native applications

CrowdStrike has unveiled new capabilities for its adversary-focused cloud-native application protection platform (CNAPP). These new capabilities shorten the time it takes to respond to threats in cloud environments and workloads by accelerating threat hunting.

CrowdStrike specializes in cloud-delivered endpoint protection, cloud workloads identity and data. CrowdStrike Security Cloud and world-class AI operate on the CrowdStrike Falcon platform. This platform employs real-time attack indicators, threat intelligence, developing adversary trade craft and enriched telemetry from across the enterprise, to enable hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized visibility of vulnerabilities.

The Falcon platform, which is purpose-built in the cloud with a single lightweight-agent architecture, is designed to facilitate fast and flexible setup, enhanced security and efficiency, easy implementation and quicker time-to-value.

Unveiled on the Falcon platform, the new adversary-focused CNAPP capabilities bring together two of CrowdStrike’s cloud solutions via a shared cloud activity dashboard. The popular agentless Falcon Horizon called Cloud Security Posture Management (CSPM) and the agent-based Falcon Cloud Workload Protection (CWP) modules.

Created to assist security and devops teams in prioritizing the most critical cloud security issues, addressing runtime threats and enabling cloud threat hunting, the updates also include new methods of leveraging Falcon Fusion (CrowdStrike’s SOAR framework) to automate remediation for Amazon Web Services (AWS); new custom Indicators of Misconfigurations (IOMs) for AWS, Google Cloud Platform (GCP) and Microsoft Azure; new methods to prevent identity-based threats; and more.

Organizations that use multicloud environments and hybrid work models have disintegrated traditional work boundaries. Developers spin clouds up and down in minutes without noticing any potential misalignment.

Similarly, public cloud instances are made available for immediate use without the use of MFA (multifactor authentication) or other security procedures. An attacker can exploit a security flaw in less than a second and launch a fast-moving lateral breach. To secure their cloud infrastructures before a threat actor finds a way in, companies must think like attackers.

Recently named a Strong Performer in The Forrester Wave, CrowdStrike is addressing this need with the adversary-focused approach to CNAPP, which is powered by industry-leading threat intelligence.

“CrowdStrike is distinct from other vendors in the market because we offer both agent-based and agentless solutions, giving organizations complete visibility, detection and remediation capabilities to safeguard their cloud infrastructure,” said Amol Kulkarni, the chief product and engineering officer at CrowdStrike.

According to Kulkarni, CrowdStrike also offers breach protection for cloud workloads, containers and Kubernetes. The company does this for enterprises with multicloud and hybrid cloud infrastructures, giving them real-time alerting and reporting on over 150 cloud threats. CrowdStrike’s adversary-focused approach to CNAPP, which is backed by industry-leading threat intelligence, guarantees that enterprises are well-prepared to defend against cloud breaches.

Dave Worthington, general manager of digital security and risk at Jemena, affirmed that CrowdStrike’s CNAPP provides a deep and accurate view of the cloud threat landscape. This, he said, has set CrowdStrike apart from the competition.

“CrowdStrike’s cloud security services, such as Falcon Horizon, which we use to monitor our cloud environment and detect misconfigurations, vulnerabilities and security threats, are continually evolving and improving, which is one of the biggest benefits I’ve seen,” Worthington said.

Jason Waits, director of cybersecurity at Inductive Automation, similarly believes that the Falcon platform’s expansion to enable CNAPP can deliver full cloud security with threat hunting capabilities that no other vendor can replicate.

“CrowdStrike’s performance amazes us due to its minimal CPU usage and relatively low impact on overall system performance. We’re able to reduce security blindspots with Falcon Horizon by continuously monitoring our cloud environment for misconfigurations,” Waits said.

CrowdStrike’s adversary-focused CNAPP capabilities

Cloud activity dashboard: Combines Falcon Horizon’s CSPM insights with Falcon CWP’s workload protection into a single user interface. This allows for speedier assessment and intervention by prioritizing critical issues, addressing runtime risks and enabling cloud threat hunting.

Custom indicators of misconfigurations (IOMs) for AWS, Azure and GCP: Guarantees that security is a component of every cloud deployment, with tailored policies that correspond with organizational goals.

Identity access analyzer for Azure: Defends against identity-based threats. It also guarantees that permissions are enforced based on the least privilege for Azure Active Directory (AD) groups’ users and apps. Falcon Horizon’s existing Identity Access Analyzer for AWS functionality has been extended with this capability.

Automated remediation workflow for AWS: Responds to threats with guided and automated remediation powered by Falcon Fusion. Workflows provide context and prescriptive direction for resolving issues and reducing incident resolution time.

Falcon container detection: Defends against malware and sophisticated threats targeting containers automatically with machine learning (ML), artificial intelligence (AI), indicators of attack (IoAs), deep kernel visibility and custom indicators of compromise(IoCs) as well as behavioral blocking.

Rogue container detection: Keeps track of container deployments and decommissions. It detects and scans malicious images and also identifies and prevents privileged or writable containers from being created – which can be used as entry points for attacks.